Debian DSA-116-1 : cfs - buffer overflow

2004-09-2900:00:00

www.tenable.com

Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix™ file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial of service attack to it.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-116. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14953);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2002-0351");
  script_xref(name:"DSA", value:"116");

  script_name(english:"Debian DSA-116-1 : cfs - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Zorgon found several buffer overflows in cfsd, a daemon that pushes
encryption services into the Unix(tm) file system. We are not yet sure
if these overflows can successfully be exploited to gain root access
to the machine running the CFS daemon. However, since cfsd can easily
be forced to die, a malicious user can easily perform a denial of
service attack to it."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-116"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the cfs package immediately.

This problem has been fixed in version 1.3.3-8.1 for the stable Debian
distribution and in version 1.4.1-5 for the testing and unstable
distribution of Debian."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/03/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"cfs", reference:"1.3.3-8.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxcfsp-cpe:/a:debian:debian_linux:cfs
debiandebian_linux2.2cpe:/o:debian:debian_linux:2.2

Vendor	Product	Version	CPE
debian	debian_linux	cfs	p-cpe:/a:debian:debian_linux:cfs
debian	debian_linux	2.2	cpe:/o:debian:debian_linux:2.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0351

www.debian.org/security/2002/dsa-116

JSON

Related for DEBIAN_DSA-116.NASL